Malware, Trojan, Virus?

Discussion in 'Mac Basics and Help' started by schrautm, Oct 1, 2011.

  1. schrautm macrumors newbie

    Joined:
    Oct 1, 2011
    #1
    I am struggling with a problem on my MacBook.

    Whenever I use either Firefox or Safari, I will have an unwanted advertisement pop up as I click on a link to a new page. When I click on a link the link will take me to the webpage I request and then after briefly stopping at the desired page, I am redirected to an unwanted page or pages. (This happens very frequently in particular with Wikipedia.) I can click back to the desired page with few problems.

    I have installed Sophos Anti-Virus, iAntiVirus, MacScan, and SecureMac but all of the scans come back clean. I have read through several forums trying to figure out what else it can be and have followed all of those steps to no avail.

    I have no idea what is causing this problem. I am really frustrated and would like to figure this out. If anyone can offer any advice or help, I would greatly appreciate it.

    Thanks
     
  2. simsaladimbamba

    Joined:
    Nov 28, 2010
    Location:
    located
    #2
    There is a part about redirecting titled "Why am I being redirected to other sites?" in the following FAQ:
    Mac Virus/Malware Info by GGJstudios
    There are currently no viruses for Mac OS X in public circulation, only a handful of trojans and other malware, which have to be installed manually via entering the administrator password.
    The only anti-virus you need to protect your Mac is education and common sense.

    Did that help?

    Btw, you alluded to additional steps you have taken after using the useless AV software titles. What were they, so we can avoid guessing games?


    To edit your thread title to a descriptive one, just click on the [​IMG] button on the bottom right of your original post and then click the [​IMG] button below your message.
     
  3. schrautm, Oct 1, 2011
    Last edited: Oct 1, 2011

    schrautm thread starter macrumors newbie

    Joined:
    Oct 1, 2011
    #3
    I have searched for anything related to Mac Defender, Mac Security, Mac Protector, Mac Shield, and Mac Guard.

    I have followed the steps in the terminal program using the commands sudo crontab -l (which comes back saying no crontab for root).

    At this point I know I've tried other things, but I've been periodically trying to solve this problem and have forgotten some of the things I've tried.

    Have I missed something obvious I need to try?
     
  4. simsaladimbamba

    Joined:
    Nov 28, 2010
    Location:
    located
    #4
    Then the part about "Why am I being redirected to other sites?" does not help I presume?

    And what were the additional steps besides the AV applications you have taken?

    We can't help you if you don't help us with more information, otherwise we will keep guessing, thus prolonging finding a solution for you.

    Do you know, what kind of malware you may have installed?
    What Mac OS X version do you use? Have you run the latest updates?

    And just because it is not liked:

     
  5. schrautm thread starter macrumors newbie

    Joined:
    Oct 1, 2011
    #5
    Ok I have tried the searches that walk me through how to deal with Mac Defender, Mac Security, Mac Guard, Mac Shield, and Mac Protector.

    I've also run in terminal sudo crontab -l which comes back saying no crontab for root.

    Is there something else obvious I'm missing.

    ----------

    Sorry for my frustrated response.....

    I am running OS X 10.5.8 and I last ran my software updates yesterday. No change.
     
  6. John T macrumors 68020

    John T

    Joined:
    Mar 18, 2006
    Location:
    UK.
    #6
    The first thing to do is remove Sophos, iAntiVirus, MacScan, and SecureMac that you have already installed. As explained above, none of these are necessary and can actually slow down and create problems to the system. Getting rid of them could well solve your problems!
     
  7. schrautm thread starter macrumors newbie

    Joined:
    Oct 1, 2011
    #7
    Ok I unistalled all of those programs and I'm still having problems.
     
  8. simsaladimbamba

    Joined:
    Nov 28, 2010
    Location:
    located
    #8
    What about the part I linked you to?
     
  9. schrautm thread starter macrumors newbie

    Joined:
    Oct 1, 2011
    #9
    1. I searched through several threads on MacRumors that may be applicable and have been trying them. Usually they work for me, this time I haven't been as lucky. But yes I tried that.

    2. Is there a more appropriate Forum for my problems? Mac Basics and Help seemed the most appropriate of all the forums I encountered.

    3. I am not sure if what I'm dealing with is Malware, a Trojan Horse, or Virus. I am assuming that is where the problem lies. If I have mis-categorized my thread, please let me know.

    4. Hardware Overview:

    Model Name: MacBook
    Model Identifier: MacBook5,1
    Processor Name: Intel Core 2 Duo
    Processor Speed: 2.4 GHz
    Number Of Processors: 1
    Total Number Of Cores: 2
    L2 Cache: 3 MB
    Memory: 4 GB
    Bus Speed: 1.07 GHz
    Boot ROM Version: MB51.007D.B03
    SMC Version (system): 1.40f2
    Serial Number (system):
    Hardware UUID: BDB61675-B3C1-5EE2-BBED-AA52CFFC8E57
    Sudden Motion Sensor:
    State: Enabled

    AirPort:

    Type: AirPort
    Hardware: AirPort
    BSD Device Name: en1
    IPv4 Addresses: 192.168.1.102
    IPv4:
    Addresses: 192.168.1.102
    Configuration Method: DHCP
    Interface Name: en1
    NetworkSignature: IPv4.Router=192.168.1.1;IPv4.RouterHardwareAddress=00:12:17:33:84:5f
    Router: 192.168.1.1
    Subnet Masks: 255.255.255.0
    IPv6:
    Configuration Method: Automatic
    AppleTalk:
    Configuration Method: Node
    Default Zone: *
    Interface Name: en1
    Network ID: 65431
    Node ID: 163
    DNS:
    Server Addresses: 93.188.161.105, 93.188.166.105, 1.2.3.4
    DHCP Server Responses:
    Domain Name Servers: 93.188.161.105,93.188.166.105,1.2.3.4
    Lease Duration (seconds): 0
    DHCP Message Type: 0x05
    Routers: 192.168.1.1
    Server Identifier: 192.168.1.1
    Subnet Mask: 255.255.255.0
    Proxies:
    Exceptions List: *.local, 169.254/16
    FTP Passive Mode: Yes
    Ethernet:
    MAC Address: 00:25:00:47:4a:da
    Media Options:
    Media Subtype: Auto Select

    System Software Overview:

    System Version: Mac OS X 10.5.8 (9L31a)
    Kernel Version: Darwin 9.8.0
    Boot Volume: Bremen
    Boot Mode: Normal
    Computer Name:
    User Name:
    Time since boot: 1:40

    5. Unwanted pop ups and redirects while using both Safari and Firefox.

    6. I've been having these problems for at least 2 months, possibly 3.

    7. I've tried downloading Sophos, iAntiVirus, MacScan, and SecureMac. I have now uninstalled them. I have run sudo crontab -l with it coming back saying no crontab for root. I have searched for plugins.settings with no such file present. I have searched for Mac Defender, Mac Guard, Mac Security, Mac Protector, and Mac Shield with no related files.

    Have I answered all of your questions? If I'm missing anything just let me know.

    ----------

    I have been trying to follow the DNS edit. All of my DNS servers are gray, but I am unable to remove any of them. I am only able to add DNS servers, so I am not able to follow through on the DNS update in the previous post.
     
  10. Mal macrumors 603

    Mal

    Joined:
    Jan 6, 2002
    Location:
    Orlando
    #10
    The answer to your question is none of the above. If you have DNS servers listed that are greyed out, then they are being provided by your router and/or ISP. You've probably fallen victim to a security hole in your router allowing someone to insert bad DNS servers into it. Reset your router (following instructions in the manual, usually involving inserting a paper clip into a small hole and holding a button down with it for 10-15 seconds), and see if the problem disappears.

    jW
     
  11. schrautm thread starter macrumors newbie

    Joined:
    Oct 1, 2011
    #11
    Also running scutil in terminal followed by show State:/Network/Global/DNS it shows that the list of DNS servers is the same as that listed in the DNS tab under Network.

    ----------

    The router belongs to my roommate. By resetting the router will it reset the network password? If so I will need to hold off on this step until I can discuss this with my roommate.
     
  12. simsaladimbamba

    Joined:
    Nov 28, 2010
    Location:
    located
    #12
    Yes.

    Btw, using Google and the three IPs provided by the DNS section of your System Proiler snippet gets me this:
    http://www.google.com/search?client...oe=UTF-8&redir_esc=&ei=A3qHTqqAMovItAaTmfzgAQ
    http://www.google.com/search?client...oe=UTF-8&redir_esc=&ei=CXqHTvDfCc3RsgbAgP3gAQ
    http://www.google.com/search?client...oe=UTF-8&redir_esc=&ei=D3qHToWxKIbLsgbN5fngAQ

    Maybe your roommate is infested?

    Can you access the router via its web interface and change the DNS settings?
     
  13. schrautm thread starter macrumors newbie

    Joined:
    Oct 1, 2011
    #13
    Unfortunately I am not having any luck gaining web access to the router. I am going to have to wait until my roommate gets back.

    I think she has been having issues with her MacBook as well. Would this mean that her computer is infecting mine via the router or is the router simply compromised?
     
  14. simsaladimbamba

    Joined:
    Nov 28, 2010
    Location:
    located
    #14
    The router is compromised.
    Read the malware FAQ to see what a virus, a trojan and malware is.
     
  15. schrautm thread starter macrumors newbie

    Joined:
    Oct 1, 2011
    #15
    Thank you for your help. Once I have done a reset on the router, I will provide an update on the effects.
     
  16. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #16
    You should uninstall all antivirus apps that you installed. You don't need any 3rd party antivirus software to protect your Mac from malware, and it's never advisable to run more than one AV app on any system.

    The most effective method for complete app removal is manual deletion:
     
  17. schrautm thread starter macrumors newbie

    Joined:
    Oct 1, 2011
    #17
    Update on my issues......

    It seems that resetting the router did the trick.

    Thanks for all of the help!
     
  18. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #18
    FYI, the first response to this thread gave you all the information you needed to resolve this issue.
     

Share This Page